A former worker at Meta is under criminal investigation after he was suspected of downloading around 30,000 private Facebook images.
The engineer was employed by the social media giant when it is believed he designed a programme to be able to access the personal pictures while avoiding internal security checks.
A specialist detective from the Metropolitan Police’s cybercrime unit is investigating the alleged mass invasion of Facebook users’ privacy.
Meta has confirmed to the Press Association that the suspected breach was discovered more than a year ago and the company itself referred the matter to police in the UK.
It added that affected Facebook users have been notified, the worker was sacked and it says it has upgraded its security systems.
The engineer under suspicion, who lives in London, is currently on police bail while the criminal investigation continues.
According to court papers seen by the Press Association, police say he “is alleged to have accessed and downloaded approximately 30,000 private images belonging to Facebook users whilst working for Meta”.
“It is alleged that he created a script designed to circumvent Meta’s internal detection systems, allowing him to do so.”
Two weeks ago, two magistrates agreed to vary the man’s police bail so that he must next report to Met officers in May and inform the force of any plans for foreign travel.
A Meta spokesperson confirmed the existence of the criminal investigation, saying: “Protecting user data is our top priority.
“After discovering improper access by an employee over a year ago, we immediately terminated the individual, notified users, referred the matter to law enforcement and enhanced our security measures.
“We are co-operating with the ongoing investigation.”
Facebook suffered a bug in 2018 which was believed to have affected up to 6.8 million people and given third-party apps wider access to user photos on the social network.
In 2024, it was reported that Meta had been fined 91 million euro by the Data Protection Commission in Ireland over the way millions of Facebook and Instagram user passwords had been inadvertently stored in plaintext on its internal systems, meaning they were not protected by encryption.
The latest security concern has emerged just after Meta, which also owns WhatsApp, suffered a landmark court defeat alongside Google last month after being accused of failing to protect its users from harm.
A court in Los Angeles found the companies liable for a woman’s childhood social media addiction in a ruling which could have widespread ramifications for the way the platforms are operated in the future.
Boy, 14, shot dead told ‘broken’ mum he was filming a rap music video
M&S staff ‘worried’ about coming into work as chain warns shoplifting escalating
Trespasser blocks lines causing South Western Railway delays near Teddington - live
Boy who had collapsed lungs as child wins karate medal at world championships
